Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1239 — Code Injection in Foxit Reader

CWE-94 — Code Injection5 documents5 sources

Severity

9.3CRITICALNVD

CNA10.0

EPSS

5.0%

top 10.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Foxitsoftware Foxit Reader

Timeline

PublishedApr 5

Latest updateMay 2

Description

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDfoxitsoftware/foxit_reader3.2.0.0303+6

Patches

Patch: www.foxitsoftware.com ↗Patch: www.foxitsoftware.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-54xc-2c9p-qfwj: Foxit Reader before 3↗2022-05-02

▶

CVEList

CVE-2010-1239: Foxit Reader before 3↗2010-04-05

▶

💥Exploits & PoCs

Exploit-DB

Adobe Reader - Escape From '.PDF' Execute Embedded Executable↗2010-03-31

▶

💬Community

Bugzilla

OpenJDK Incomplete Fix for CVE-2010-4469↗2011-02-18

▶